crony/cronyakatsuki.xyz
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Site update

Browse source
This commit is contained in:
CronyAkatsuki 2025-05-10 09:35:02 +02:00
parent 66311ee207
commit 44f8726e2d
34 changed files with 472 additions and 458 deletions
Download patch file Download diff file Expand all files Collapse all files

62
content/blog/setup-dns-pihole-unbound.md
View file

@ -4,18 +4,28 @@ date = 2023-09-27
tags = ['self-host', 'dns', 'pi-hole', 'unbound']
+++
Just another day I seted up my own private dns server that has adblocking ( and other stuff ) using pihole and uses unbound as a resolver. To safelly connect to the dns server I'm using DNS over HTTPS for my browser's and HTTPS over TLS for stuffy for my whole desktop and private dns in android ( Android has DoH support but only for google and cloudflare right now). Let's get on to setting everything up
Just another day I seted up my own private dns server that has adblocking ( and
other stuff ) using pihole and uses unbound as a resolver. To safelly connect to
the dns server I'm using DNS over HTTPS for my browser's and HTTPS over TLS for
stuffy for my whole desktop and private dns in android ( Android has DoH support
but only for google and cloudflare right now). Let's get on to setting
everything up
<!-- more -->
## 1. Pihole
Let's start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn't have an official docker container ).
Let's start with setting up pihole. I will be installing it with their script on
a debian system for easier unbound integration ( unbound doesn't have an
official docker container ).
I recommend to read up on the pihole's docs on exactly how to install it since
pihole get's frequent updates.
[DOCS](https://docs.pi-hole.net/main/basic-install/)
I recommend to read up on the pihole's docs on exactly how to install it since pihole get's frequent updates. [DOCS](https://docs.pi-hole.net/main/basic-install/)
I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.
I recommend you to install the admin page for easier managmenet and ability to
change the upstream dns server ( needed for changing it to unbound later on ).
To be able to access the admin page I use an nginx configuration like this one.
```nginx
server {
@ -54,19 +64,27 @@ server {
}
```
The main point of this config is the `/admin` location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
Also to make lighttpd work with nginx listening on port 80 you need to edit the `server.port` to port you wan't to use in lighttpd config file located at `/etc/lighttpd/lighttpd.conf` and then just restart lighttpd
The main point of this config is the `/admin` location that you need to pass the
lighttpd port to acces the website, you can just do it on your main website
also. Also to make lighttpd work with nginx listening on port 80 you need to
edit the `server.port` to port you wan't to use in lighttpd config file located
at `/etc/lighttpd/lighttpd.conf` and then just restart lighttpd
## 2. Unbound
For this part I will just link the pi-hole's unbound documentation because it is the most correct one and updated as things change regulary.
For this part I will just link the pi-hole's unbound documentation because it is
the most correct one and updated as things change regulary.
[Pi-hole unbound docs](https://docs.pi-hole.net/guides/dns/unbound/)
## 3. DNS over TLS
For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command `certbot --nginx -d dot.example.com`.
For dns over tls you need to first have a ssl certificate. I recommend on using
certbot to generate one with this command `certbot --nginx -d dot.example.com`.
Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at `/etc/nginx/nginx.conf`. **Make sure to add this outside of the http block and change example.com to your domain**
Next you will need a reverse proxy, in my case I use nginx. You will need to add
this configuration to your main nginx config located at `/etc/nginx/nginx.conf`.
**Make sure to add this outside of the http block and change example.com to your
domain**
```nginx
stream {
@ -100,12 +118,16 @@ stream {
}
```
Also make sure to enable port 853, example ufw command is `ufw allow 853/tcp`. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to `dot.example.com` and then visit the website[dnsleaktest](https://dnsleaktest.com)
Also make sure to enable port 853, example ufw command is `ufw allow 853/tcp`.
Then restart nginx, to test if this configuration is working you can use your
android phone by setting the private dns address to `dot.example.com` and then
visit the website[dnsleaktest](https://dnsleaktest.com)
## 4. DNS over HTTPS
For using dns over https we will be installing additional package called dnsdinst. On debian systems just run `apt install dnsdinst`. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.
For using dns over https we will be installing additional package called
dnsdinst. On debian systems just run `apt install dnsdinst`. Next you will need
to setup dnsdinst config and restart it. Make sure to change example.com.
```conf
-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
@ -126,7 +148,11 @@ newServer({address="127.0.0.1", name="Pi-hole", checkName="example.com", checkIn
addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", { reusePort=true })
```
Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command `certbot --nginx -d doh.example.com`after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.
Next we will need another ssl certificate for the doh domain, for that we will
once again using certbot with this command
`certbot --nginx -d doh.example.com`after that add this configuratin to nginx
either in sites-available and linking it to sites enabled or in http block in
main nginx configuration.
```nginx
# Proxy Cache storage - so we can cache the DoH response from the upstream
@ -180,6 +206,10 @@ server {
}
```
After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout [dnsleaktest](https://dnsleaktest.com) website and check if it is all working.
After restarting nginx with this configuration you can it to your web browser as
a DNS over HTTPS resolver and once again checkout
[dnsleaktest](https://dnsleaktest.com) website and check if it is all working.
Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website's [repo](https://code.cronyakatsuki.xyz/crony/website).
Hope this has been helpfull and if anybody has any way on how to make this guied
better you can open a pull request or make an issue on the website's
[repo](https://git.cronyakatsuki.xyz/crony/cronyakatsuki.xyz).